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(57) Abstract 

The present invention relates to an apparatus and a method for use in a virtual private network, VPN, (7, 7*), or a network domain 
forming part of a larger network, such as the Internet, to enable a first subscriber (1; V) in the larger network to retrieve the address of a 
second subscriber (3; 3') in the VPN. The address may be returned to the first subscriber (1; 1*) or a connection means (11) may set up the 
connection between the subscribers (1, 3; 1\ 3*) automatically. 
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METHOD AND APPARATUS TO ENABLE A FIRST SUBSCRIBER IN A LARGER NETWORK TO RETRIEVE THE 
ADDRESS OF A SECOND SUBSCRIBER IN A VIRTUAL PRIVATE NETWORK 

Technical Field 

The present invention relates to the communication between terminals connected to 
5 data or multimedia networks, such as the Internet. 

Background 

Internet Protocol (IP) type networks are used to an increasing degree for data, video 
and audio communication. It is a problem for subscribers in such networks to find 
10 the physical addresses, or IP addresses, of subscribers in other networks or 
subnetworks. 

Summary of the Invention 

It is an object of the present invention to enable a subscriber in any part of an IP 
15 based network to locate other subscribers in the same or other parts of the IP based 
network. 

It is another object of the invention to enable subscribers in any part of an IP based 
network to connect to other subscribers in the same or other parts of the IP based 
20 network, for any kind of communication according to any known protocol. 

It is yet another object of the invention to enable a subscriber to move between 
different locations in the network and still be reached. 

25 The objects are achieved in a network by using a name server means according to 
the invention for each Virtual Private Network (VPN) connected to the network, the 
name server means being adapted to 

- resolve a logical address in the VPN to the real IP address of hosts and user 
terminals for a specific service, such as e-mail or communication according to the 
30 H.323 protocol, 
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- function as a look-up table between the logical E. 164 addresses in the VPN -and the 
real IP addresses of the hosts and users 

- cooperate with connection means for call set-up. 

5 The solution according to the invention offers the following advantages: 

As it is based on known solutions, it may be implemented at a relatively low cost. 
It involves the separation of an internal and an external number plan, thus increasing 
the flexibility in the network. 

It enables the connection between an H.323 domain and an Internet domain. 

10 

Brief Description of the Drawings 

Figure 1 is a schematic drawing of a connection between two user terminals set up 
according to a first embodiment of the invention. 
15 Figure 2 is a flow chart of the actions performed when a connection between two 
user terminals is set up according to the first embodiment. 
Figure 3 is a schematic drawing of a connection between two subscribers set up 
according to a second embodiment of the invention. 

Figure 4 is a flow chart of the actions performed when a connection between two 
20 user terminals is set up according to the second embodiment. 

Detailed Description of Embodiments 

The dotted line in Figure 1 shows a connection between a first 1 and a second 3 user 
terminal. The terminals 1, 3 may be any kind of terminals which may be used for 

25 communication, for example personal computers (PCs) or telephones. The first user 
terminal 1 is connected to a data or telecommunications network 5 via a leased line, 
a modem a corporate network, or in any other way. The network 5 may be any 
network allowing communication between two end points on a logical connection, 
which may be packet switched or circuit switched. A common network today, in 

30 which the teachings of the invention may become particularly useful, is the Internet. 
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In the following discussion, therefore, the network 5 will be referred to as the - 
Internet. 

The second user terminal is found in a Virtual Private Network (VPN) 7, which 
functions as an Internet domain. A name server 9 in the VPN 7 is connected to the 
Internet 5 and to a connection unit 1 1. In TCP/IP networks the name server 9 might 
be a Domain Name Server (DNS) well known in the art. If the H.323 protocol for 
data, audio and video communication is used, the connection unit 1 1 might be a 
gatekeeper, of a kind well known in the art. The connection unit 1 1 is connected to 
the second user terminal 3 with a semi-permanent connection. 

The name server 9 is a database comprising, in addition to the information found in 
prior art name servers, an MX record 13 for each user terminal in the VPN 7. The 
MX record comprises information about the IP addresses of all user terminals in the 
VPN 7 for different types of communication, for example, e-mail, H.323, or telnet 
connections. 

Figure 2 shows the actions taken when the first user 1 in the first embodiment 
wishes to establish a connection to the second subscriber 3. 

Step SI 1: The first user 1 connects to the name server 9 and requests the gate 
number for H.323 and enters the known address of the second user 3. 

Step S 12: The name server 9 determines what type of connection is wanted and 

forwards the request to the connection unit 1 1, together with the address 
of the first user 1. 

Step S13: The connection unit 11 retrieves the appropriate IP address of the 



second user 3 for the type of connection, in this case, the H.323 address. 
The type of connection may be determined, for example, by the port of 
the name server at which the connection is made. 
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Step S14: The connection unit 1 1 establishes the connection between the users 1, 



5 Figure 3 shows a second embodiment of the invention. In this embodiment a first 
user terminal V is connected to a second user terminal 3' as shown by the dotted 
line. The second user terminal is found in a VPN 7\ which also comprises a name 
server 9\ identical to the name server 9 in Figure 1. A user directory 1 V is 
connected to the name server 9\ The user directory 9* comprises information about 

10 the physical addresses of the user terminals 3 5 in the VPN 7Mn a TCP/IP network, 
the name server will be a Domain Name Server (DNS) and the user directory will be 
a Lightweight Directory Access Protocol (LAPD) server of the kinds known in the 
art. 

15 Figure 4 shows the actions taken when the first user V in the second embodiment 
wishes to establish a connection to the second subscriber 3\ 

Step S21: The first user V connects to the name server 9' and transmits the 
known, logical address of the second user 3' to the name server 9'. 

20 

Step S22: The name server 9' determines what type of connection is wanted and 
forwards the logical address of the second user 3' to the user directory 
11' of the VPN 7\ 

25 Step S23: The user directory IV retrieves the physical address corresponding to 
the logical address entered. 

Step S24: The user directory 1 1 ' returns the physical address of the second user 3 ' 
to the first user 1' via the name server 9' . 

30 
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Step S25 : The first user 1 ' initiates the connection to the second user 3 ' in a - 
conventional manner. 

If the first user V knows the address to the user directory 1 1', he can go directly to 
5 the user directory 1 1 ' instead of connecting via the name server 9'. 
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Claims 



1. A name server means (9; 9') for use in a virtual private network (7; 7'), or a 
network domain, forming part of a compound network, 
5 said means (9; 9') being characterized by means (13;13') for receiving a request for 
the physical address of a user terminal (3; 3') from another user terminal (1; V) and 
forwarding said request to a connection means (11; 11 ') in the virtual private 
network (7; T) or network domain. 

10 2. A name server means according to claim 1, characterized in that the logical 

addresses comprise EP addresses, addresses according to the E.164 protocol and/or 
other logical identities according to the appropriate numbering plan. 

3. A name server means according to claim 1 or 2, characterized by means (11, 11') 
15 for initiating the connection between two subscribers (1, 3). 

4. A connection means (11; 1 V) for use in a virtual private network (7; 7') or a 
network domain, forming part of a compound network, said connection means being 
characterized in that it is adapted to return, upon a request comprising a logical 

20 address of a user (3;3') in the virtual private network (7; 7'), a physical address of 
said user (3; 3'). 

5. A connection means (11; IT) according to claim 4, characterized in that it is 
adapted, upon a request originating from a user (1; 1') in said compound network, 

25 said request comprising a logical address of a user (3; 3') in the virtual private 
network (7; 7'), to establish a connection between said users (1, 3; 1' 3'). 

6. A telecommunications or data communications network, forming part of a 
compound network, characterized by at least one connection means, according to . 

30 claim 4 or 5. 
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7. A network according to claim 6, characterized by at least one name server means 
according to any one of claims 1-3. 

5 8. A method for enabling a user (1; 1') in compound network to retrieve the IP 
address of a second user (3; 3') in a virtual private network (7; 7') or a network 
domain, forming part of said compound network, 
characterized by the following steps: 

- transmitting a request for a physical address, the request comprising a logical 
10 address of the second user (3; 3') 

- forwarding the logical address of the second user (3; 3') to a connection means 

(ii); 

- returning the logical address to the first user (1; T) or automatically establishing a 
connection between the first (1; V) and the second (3; 3') user. 

15 

9. A method according to claim 8, characterized by 

- automatically establishing a connection between the first (1) user and the second 
user (3). 

20 10. A method according to claim 8, characterized by 

- returning the address of the second user (3') to the first user (T). 



11. A method according to any one of claims 8-10, characterized by determining 
the type of address to be used in dependence of the port of the name server (9; 9') on 

25 which the request was received. 

12. A method according to any one of claims 6-11, characterized in that the 
physical address may be an e-mail-address, and/or an E. 164 address. 
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